Home - Article

Featured Article

May 05, 2015

Experiencing High Customer Bounce Rates on Your Website? Your Security Certificate Could Be to Blame


Imagine your customer is browsing your website on Google Chrome, and is prompted to enter personal security credentials before proceeding with his or her business (be it account inquiry or registration).

Before entering any information, however, your customer wants to make sure your website is secure. So the customer looks at your website’s URL, but instead of seeing the familiar green and white lock indicating the website has been verified by a trusted third party, the customer instead sees a red box with an “x” over the lock.

As a result of seeing this warning, the customer exits out of the browser before entering any information, out of fear of having his or her personal information compromised. To the customer, it may appear that your business is not using strong encryption to protect sensitive data even if you are using an advanced encryption protocol like Transport Layer Security (TLS).

Here is an example of what this looks like, on the refund section of the IRS website: 

What could be causing this issue? It could be that you are using the outdated HTTPS security certificate, SHA-1. As explained in a recent Google Security post, when this popular cryptographic hash algorithm was first created in 2005, it was thought to be un-modifiable and, thus, hack-proof. Confidence in SHA-1, however, has since waned as the algorithm has not proven as strong as security experts originally thought. Major Internet browsers like Microsoft and Mozilla, therefore, have made it clear they will stop supporting SHA-1 certificates in 2017.

Google, however, is taking a different stance toward SHA-1, deciding to sunset the certificate early. Websites using SHA-1 certificates that expire after January 1, 2017, are already considered to be insecure on Google Chrome. So while using SHA-1 does not pose any greater danger to end users than it has over the past several years, visitors browsing on your website could now be receiving error messages alerting them about possible vulnerabilities.

This could be a large portion of your customer base, too, as Google Chrome is currently the most popular Internet browser and is utilized by 34.7 percent of all Internet users. So if your business is still using SHA-1 security certificates, make sure to contact your website’s certificate provider and request a reissue.

As this example shows, staying on top of security issues is a never-ending task. Accordingly, it helps to have the guidance of a managed IT services provider like Apex Technology Services of Norwalk, Connecticut to oversee website operations and apply changes when they are needed. You can learn more about how Apex can help your business by clicking here.

 

Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.
IT SERVICES

IT SERVICES

Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...

LEARN MORE
CYBERSECURITY Services

CYBERSECURITY

Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...

LEARN MORE
CLOUD SERVICES

CLOUD SERVICES

Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...

LEARN MORE

Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs


Contact us Now!